> --- Paul Howarth <paul@xxxxxxxxxxxx> wrote:
>
> > > $ dig @68.112.12.36 www.cnn.com
> > > connection timed out; no servers could be reached
> >
> > If this works on the machine connected to the cable
> > modem then it suggests
>
> This is actually on the client PC (FC1, eth0=192.168.0.50/255.255.255.0, GW=192.168.0.1) connected with a crossover cable to eth1 of the FC3 PC that is connected to the cable modem.
>
> On 192.168.0.1 I get:
>
> dig @68.112.12.36 www.cnn.com
>
> ; <<>> DiG 9.2.4 <<>> @68.112.12.36 www.cnn.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53693
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.cnn.com.                   IN      A
>
> ;; ANSWER SECTION:
> www.cnn.com.            88      IN      CNAME   cnn.com.
> cnn.com.                88      IN      A       64.236.16.116
> cnn.com.                88      IN      A       64.236.24.4
> cnn.com.                88      IN      A       64.236.24.12
> cnn.com.                88      IN      A       64.236.24.20
> cnn.com.                88      IN      A       64.236.24.28
> cnn.com.                88      IN      A       64.236.16.20
> cnn.com.                88      IN      A       64.236.16.52
> cnn.com.                88      IN      A       64.236.16.84
>
> ;; AUTHORITY SECTION:
> cnn.com.                452     IN      NS      twdns-01.ns.aol.com.
> cnn.com.                452     IN      NS      twdns-02.ns.aol.com.
> cnn.com.                452     IN      NS      twdns-03.ns.aol.com.
> cnn.com.                452     IN      NS      twdns-04.ns.aol.com.
>
> ;; Query time: 73 msec
> ;; SERVER: 68.112.12.36#53(68.112.12.36)
> ;; WHEN: Thu Dec 9 11:25:29 2004
> ;; MSG SIZE  rcvd: 270

That looks OK, which again points the finger at the packet forwarding.

> > that your packet forwarding rules are broken. What's the output of:
> >
> > # iptables -n -L
> >
> > on the machine connected to the cable modem?
>
> iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6889
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Interesting; the first rule in the RH-Firewall-1-INPUT chain would appear to be accepting any packet, thus rendering the remaining rules irrelevant. However, I'm not an iptables expert and I don't use Red Hat's firewall utility, so maybe I'm misinterpreting that.

What do you get from:

# iptables -L -n -t nat

Paul.
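The observation above, that an early catch-all ACCEPT makes every later rule in a chain unreachable, is the kind of thing that is easy to miss by eye in a long listing. The following script is an added example, not part of the thread or of any Red Hat tool: it parses the text format printed by `iptables -n -L` (the listing quoted in the message, reflowed one rule per line, is embedded as sample input) and reports terminating rules that match any protocol, any source and any destination with no further match text, together with the number of rules they shadow. The `Rule`, `Chain`, `parse_listing` and `shadowed_rules` names are the script's own.

```python
"""Flag catch-all terminating rules in `iptables -n -L` output.

A rule whose target is ACCEPT/DROP/REJECT and whose match columns are
'all  --  0.0.0.0/0  0.0.0.0/0' with nothing after them ends the chain for
every packet, so any rule listed after it is never consulted.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|(\d+) references)\)$")

# Sample input: the `iptables -n -L` listing from the thread, one rule per line.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6889
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""


@dataclass
class Rule:
    target: str
    prot: str
    source: str
    destination: str
    extra: str  # remaining match text, e.g. 'state NEW tcp dpt:22'; '' if none

    def matches_everything(self) -> bool:
        """True when no visible column narrows the match at all."""
        return (self.prot == "all"
                and self.source == "0.0.0.0/0"
                and self.destination == "0.0.0.0/0"
                and self.extra == "")


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains (they have no policy)
    rules: List[Rule] = field(default_factory=list)


def parse_listing(text: str) -> Dict[str, Chain]:
    """Turn `iptables -n -L` text into a mapping of chain name -> Chain."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = CHAIN_RE.match(line)
        if header:
            current = Chain(header.group(1), header.group(2))
            chains[current.name] = current
            continue
        if current is None or line.startswith("target"):
            continue  # column-title line, nothing to record
        # Columns: target prot opt source destination [match text...]
        parts = line.split(None, 5)
        target, prot, _opt, src, dst = parts[:5]
        extra = parts[5] if len(parts) > 5 else ""
        current.rules.append(Rule(target, prot, src, dst, extra))
    return chains


def shadowed_rules(chains: Dict[str, Chain]) -> List[Tuple[str, int, str, int]]:
    """Return (chain, index, target, rules_after_it) for each catch-all
    terminating rule that still has rules listed after it."""
    findings = []
    for chain in chains.values():
        for i, rule in enumerate(chain.rules):
            if rule.target in TERMINATING and rule.matches_everything():
                later = len(chain.rules) - i - 1
                if later:
                    findings.append((chain.name, i, rule.target, later))
                break  # nothing after this rule is reachable anyway
    return findings


if __name__ == "__main__":
    for chain, idx, target, later in shadowed_rules(parse_listing(LISTING)):
        print(f"{chain}: rule {idx + 1} ({target} all) shadows {later} later rule(s)")
```

One caveat the script cannot see: `iptables -n -L` without `-v` omits the interface columns, so a rule that is really `-i lo -j ACCEPT` (the usual first rule written by Red Hat's firewall tool) prints exactly like an unconditional ACCEPT. Treat a finding as a prompt to rerun the listing with `-v` before concluding that the chain is wide open.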